Category: Supply Chain Attacks

Cybersecurity threats are multi-faceted, often connected, and accelerating fast. Ransomware, nation-state attacks, employee errors, and third parties – all pose risks for enterprises seeking to safeguard their organizations and customers from cyber attacks and the resulting consequences.

One particularly insidious threat is the supply chain attack. Particularly in today’s interconnected, digital world that favors diverse sourcing, supply chains are increasingly vulnerable to cyber breaches. Even a seemingly small entry point – say, an outdated password on a legacy system – can open the door to massive havoc that can impact and even shut down an entire business.

What is a Supply Chain Attack and How Do They Happen?

A supply chain attack is an orchestrated strike by cybercriminals to find and take advantage of vulnerabilities in the connected network of suppliers, vendors, and contractors that support an organization’s operations – sometimes called the extended enterprise, or the 3rd/nth parties.

Bad actors use a “back door” approach by targeting these downstream suppliers or third parties with the goal of getting to the ultimate organization. Usually, the ultimate target is larger or more desirable and theoretically harder to breach. By using the smaller or less protected supplier, hackers can gain access through malware or other malicious code, such as viruses, ransomware, or other programs designed to steal data or disable systems.

SolarWinds, for example, was hit via a devastating attack on a software supplier impacted numerous organizations, including government agencies. Another would be the attack Log4j was dealt due to a vulnerability in a widely used open-source logging library that exposed many organizations to potential attacks. There are countless other examples over the years, and hackers have only become smarter especially as supplier networks have continued to multiply exponentially due to the many benefits they bring to an organization. 

Vulnerabilities are on the rise, too: up 180% from 2022 to 2023, according to Verizon’s 2024 Data Breach Investigations Report. The same report shows vulnerability exploitation of web applications specifically represented roughly 20% of data breaches, with VPN vector exploitations expected to take up an increasing share by 2025.

Assessing the Impacts of Supply Chain Attacks

A supply chain data breach has obvious immediate implications: compromised data, the potential need to shut down systems, the cost of remediation and recovery, and the likely decline of customer trust. 

Longer-term implications include financial losses, reputational damage, regulatory penalties, and operational disruptions. In industries such as healthcare or critical infrastructure, where safety is paramount, the consequences can even become life-threatening.

Supply chain attacks also have a “ripple effect”: rarely is just one supplier impacted. Think of the chip shortage in 2023. While not the result of a data breach, Tesla was severely impacted in 2023.

Strategies to Stay Ahead of Supply Chain Attacks

To stay ahead of cyber attacks, including supply chain attacks, organizations must carefully manage their cyber and IT risk as part of coordinated risk strategy that includes:

  • Vetting and monitoring of third parties: All third parties, including suppliers, vendors, and contractors, must be assessed when onboarding to understand their security posture and risk management practices. Ongoing monitoring is a must for continued due diligence and alerting to potential security issues. And ensure you have a robust program for offboarding third parties and suppliers. Old credentials provide an easy entry for malicious actors.
  • Enterprise-wide risk assessment: Connect risk data across divisions and globally for a complete view of risk. Use autonomous monitoring to detect potential risks and control failures to prevent malicious entry.
  • Incident preparedness: Tailor incident response plans to identify and monitor the critical suppliers in the supply chain. Ensure coordinated efforts are in place to effectively respond to security incidents. Most critically, protecting against supply chain attacks requires proactive collaboration, coordination and communication. 

Why Short-Term and Long-Term Risk Management Matter

Cyber risk management is essential because cyber threats are accelerating along with vulnerabilities, and organizations can’t afford to be complacent.

Consequences of lackadaisical risk management include immediate impacts of a breach – lost data, downtime, and costs of remediation – as well as longer-term consequences. 

Brand reputation and competitiveness are at stake, as are relationships with other suppliers. Regulatory repercussions are real, especially with the advent of resilience legislation like the EU’s Digital Operational Resilience Act (DORA) and the SEC’s Cybersecurity Rule, both of which come with stringent consequences for not managing and reporting cyber attacks.

Finally, risk leaders can even be held personally accountable for the consequences of attacks. CISOs are the most obvious candidate, but Chief Compliance Officers also may be liable. And even non C-level leaders may not be exempt.

Stay Prepared – And Stay Ahead of Risk

With interconnected risks growing fast and technologies like AI making bad actors even smarter, the stakes in cyber risk have never been higher. Proactive, collaborative cyber risk management can’t completely prevent cyber and supply chain attacks, but it can empower organizations with agility and resilience to lessen their inevitability – and rebound with confidence.

 

The post The Underestimated Cyber Threat: Anticipating and Combatting Supply Chain Attacks appeared first on Cybersecurity Insiders.

3 Takeaways From the 2022 Verizon Data Breach Investigations Report

Sometimes, data surprises you. When it does, it can force you to rethink your assumptions and second-guess the way you look at the world. But other times, data can reaffirm your assumptions, giving you hard proof they're the right ones — and providing increased motivation to act decisively based on that outlook.

The 2022 edition of Verizon's Data Breach Investigations Report (DBIR), which looks at data from cybersecurity incidents that occurred in 2021, is a perfect example of this latter scenario. This year's DBIR rings many of the same bells that have been resounding in the ears of security pros worldwide for the past 12 to 18 months — particularly, the threat of ransomware and the increasing relevance of complex supply chain attacks.

Here are our three big takeaways from the 2022 DBIR, and why we think they should have defenders doubling down on the big cybersecurity priorities of the current moment.

1. Ransomware's rise is reaffirmed

In 2021, it was hard to find a cybersecurity headline that didn't somehow pertain to ransomware. It impacted some 80% of businesses last year and threatened some of the institutions most critical to our society, from primary and secondary schools to hospitals.

This year's DBIR confirms that ransomware is the critical threat that security pros and laypeople alike believe it to be. Ransomware-related breaches increased by 13% in 2021, the study found — that's a greater increase than we saw in the past 5 years combined. In fact, nearly 50% of all system intrusion incidents — i.e., those involving a series of steps by which attackers infiltrate a company's network or other systems — involved ransomware last year.

While the threat has massively increased, the top methods of ransomware delivery remain the ones we're all familiar with: desktop sharing software, which accounted for 40% of incidents, and email at 35%, according to Verizon's data. The growing ransomware threat may seem overwhelming, but the most important steps organizations can take to prevent these attacks remain the fundamentals: educating end users on how to spot phishing attempts and maintain security best practices, and equipping infosec teams with the tools needed to detect and respond to suspicious activity.

2. Attackers are eyeing the supply chain

In 2021 and 2022, we've been using the term "supply chain" more than we ever thought we would. COVID-induced disruptions in the flow of commodities and goods caused lumber to skyrocket and automakers to run short on microchips.

But security pros have had a slightly different sense of the term on their minds: the software supply chain. Breaches from Kaseya to SolarWinds — not to mention the Log4j vulnerability — reminded us all that vendors' systems are just as likely a vector of attack as our own.

Unfortunately, Verizon's Data Breach Investigations Report indicates these incidents are not isolated events — the software supply chain is, in fact, a major avenue of exploitation by attackers. In fact, 62% of cyberattacks that follow the system intrusion pattern began with the threat actors exploiting vulnerabilities in a partner's systems, the study found.

Put another way: If you were targeted with a system intrusion attack last year, it was almost twice as likely that it began on a partner's network than on your own.

While supply chain attacks still account for just under 10% of overall cybersecurity incidents, according to the Verizon data, the study authors point out that this vector continues to account for a considerable slice of all incidents each year. That means it's critical for companies to keep an eye on both their own and their vendors' security posture. This could include:

  • Demanding visibility into the components behind software vendors' applications
  • Staying consistent with regular patching updates
  • Acting quickly to remediate and emergency-patch when the next major vulnerability that could affect high numbers of web applications rears its head

3. Mind the app

Between Log4Shell and Spring4Shell, the past 6 months have jolted developers and security pros alike to the realization that their web apps might contain vulnerable code. This proliferation of new avenues of exploitation is particularly concerning given just how commonly attackers target web apps.

Compromising a web application was far and away the top cyberattack vector in 2021, accounting for roughly 70% of security incidents, according to Verizon's latest DBIR. Meanwhile, web servers themselves were the most commonly exploited asset type — they were involved in nearly 60% of documented breaches.

More than 80% of attacks targeting web apps involved the use of stolen credentials, emphasizing the importance of user awareness and strong authentication protocols at the endpoint level. That said, 30% of basic web application attacks did involve some form of exploited vulnerability — a percentage that should be cause for concern.

"While this 30% may not seem like an extremely high number, the targeting of mail servers using exploits has increased dramatically since last year, when it accounted for only 3% of the breaches," the authors of the Verizon DBIR wrote.

That means vulnerability exploits accounted for a 10 times greater proportion of web application attacks in 2021 than they did in 2022, reinforcing the importance of being able to quickly and efficiently test your applications for the most common types of vulnerabilities that hackers take advantage of.

Stay the course

For those who've been tuned into the current cybersecurity landscape, the key themes of the 2022 Verizon DBIR will likely feel familiar — and with so many major breaches and vulnerabilities that claimed the industry's attention in 2021, it would be surprising if there were any major curveballs we missed. But the key takeaways from the DBIR remain as critical as ever: Ransomware is a top-priority threat, software supply chains need greater security controls, and web applications remain a key attack vector.

If your go-forward cybersecurity plan reflects these trends, that means you're on the right track. Now is the time to stick to that plan and ensure you have tools and tactics in place that let you focus on the alerts and vulnerabilities that matter most.

Additional reading:

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.